Risk Management Policy
Policy and Procedure
1. Hastings International Piano risk management model
1.1 Hastings International Piano recognises that risk management is essential to its governance and to sustainable operation of its services. Risk management in Hastings International Piano will be designed to ensure:
the identification, assessment and management of risk is linked to the achievement of the charity's objectives;
all areas of risk are covered - for example, financial, governance, operational and reputational;
a risk exposure profile can be created that reflects the trustees' views as to what levels of risk are acceptable;
the principal results of risk identification, evaluation and management are reviewed and considered;
risk management is ongoing and embedded in management and operational procedures.
1.2 Hastings International Piano will regularly review and assess the risks it faces in all areas of its work and plans for the management of those risks.
1.3 There are risks associated with all Hastings International Piano’s activities - they can arise through things that are not done, as well as through ongoing and new initiatives. Risk exposure for Hastings International Piano will vary depending on circumstance. For example, Hastings International Piano may be willing to expose itself to higher risks as the size of our reserves or of our organisation increases. Risk tolerance may also be a factor in what activities are undertaken to achieve objectives. Hastings International Piano will therefore ensure that there is an appropriate balance taken between higher and lower risk activities.
These considerations will inform the trustees in their decision as to the levels of risk they are willing to accept.
1.4 Trustees need to let staff know the boundaries and limits set by their risk policies to make sure there is a clear understanding of the risks that can and cannot be accepted.
2. Identifying Our Risks
2.1 As part of its business planning process, a risk register will be developed. This register is a ‘living document’ and forms the baseline for further risk identification. Hastings International Piano recognises that new risks will appear and other risks will become less or more severe or may disappear over the lifetime of the plan. Risk identification is therefore an ongoing process within Hastings International Piano. When new risks are identified by a trustee, these will be referred to the Chair, who will, in consultation with the trustees, update the risk register accordingly. Hastings International Piano will also annually review the risks identified in its risk register.
2.2 In undertaking this, trustees will consider:
Hastings International Piano’s purpose;
the nature and scale of our activities;
the outcomes that need to be achieved;
external factors that might affect Hastings International Piano such as legislation and regulation;
Hastings International Piano’s reputation with its major funders and supporters;
past mistakes and problems that Hastings International Piano has faced;
the operating structure - for example if we established a trading arm;
comparison with other charities working in the same area or of similar size; and
examples of risk management prepared by other charities or other organisations.
2.3 In developing the Hastings International Piano risk register, trustees will identify/update risks in the following areas:
governance;
operational risk;
finance risk;
environmental and external risk;
law and regulation compliance risk.
3. Assessing, Monitoring and Evaluating Risk
3.1 Identified risks need to be put into perspective in terms of the potential severity of their impact and likelihood of their occurrence. Assessing and categorising risks helps in prioritising and filtering them, and in establishing whether any further action is required.
3.2 When a new risk arises, the Chair, in consultation with the trustees, will then assess the risks identified by staff and trustees based on how likely they are to occur and how severe their impact would be, using the methodology set out in Appendix 1.
3.3 They will identify those risks that are major and propose appropriate actions to mitigate these risks. This will update Hastings International Piano’s risk register and will be approved by the Chair and/or treasurer (if a financial risk).
3.4 Where a trustee subsequently has a concern about the risk register, s/he should initially seek agreement to an amendment via email and, if s/he is still not satisfied, raise the issue at the next board meeting.
3.5 Examples of possible actions to mitigate risks are set out in appendix 2.
APPENDIX 1
Risk Assessment Methodology
Impact
Descriptor | Score | Impact on service and reputation
Insignificant | 1 | no impact on service; no impact on reputation; complaint unlikely; litigation risk remote
Minor | 2 | slight impact on service; slight impact on reputation; complaint possible; litigation possible
Moderate | 3 | some service disruption; potential for adverse publicity - avoidable with careful handling; complaint probable; litigation probable
Major | 4 | service disrupted e.g. long term sickness; adverse publicity not avoidable (local media); complaint probable; litigation probable; sudden loss of funding
Extreme | 5 | service interrupted for significant time; major adverse publicity not avoidable (national media); major litigation expected; resignation of senior management; resignation of board; major premises related issue e.g. burglary; loss of beneficiary confidence
Likelihood
Descriptor | Score | Example
Remote | 1 | may only occur in exceptional circumstances
Unlikely | 2 | expected to occur in a few circumstances
Possible | 3 | expected to occur in some circumstances
Probable | 4 | expected to occur in many circumstances
APPENDIX 2
Actions that could be taken to mitigate risks
The following are examples of possible actions:
the risk may need to be avoided by ending that activity
the risk could be transferred to a third party (e.g. use of a trading subsidiary, outsourcing or other contractual arrangements with third parties);
the risk could be shared with others (e.g. a joint venture project);
the charity's exposure to the risk can be limited (e.g. establishment of reserves against loss of income, phased commitment to projects);
the risk can be reduced or eliminated by establishing or improving control procedures (e.g. internal financial controls, controls on recruitment, personnel policies);
the risk may need to be insured against (this often happens for residual risk, e.g. employers liability, third party liability, theft, fire).
In assessing the actions to be taken, the costs of management or control should be considered in the context of the potential impact or likely cost that the control seeks to prevent or mitigate. It is possible that the process may identify areas where the current or proposed control processes are disproportionately costly or onerous compared to the risk they are there to manage. A balance will need to be struck between the cost of further action to manage the risk and the potential impact of the residual risk.
We are committed to reviewing our policy and good practice annually.
This policy was last reviewed on: 1st July 2024
By: Ian Brignall – General Manager